Enterprise Single Sign On with SAML

Mojo Helpdesk supports Security Assertion Markup Language (SAML), a mechanism that lets you provide single sign-on (SSO) for your helpdesk using identity providers such as Active Directory, LDAP, Google, etc. SAML eliminates the need to maintain separate credentials for each application and reduces the risk of identity theft.

When Enterprise Single Sign On with SAML is set up, users log in to the helpdesk through the configured Identity Provider. Once SAML is configured, this is the only method available for users to log in.

#### How SAML for Mojo works

When a user visits your Mojo Helpdesk and clicks the login link, they are redirected to the Identity Provider's login system, which authenticates the user and notifies Mojo with the user's details. At that point the user is logged in to Mojo.

![](/images/mojo-saml-sso.png)

#### Configuring SAML

SAML needs to be configured both on your Mojo Helpdesk and on the Identity Provider.

On Mojo Helpdesk's side you have to specify two fields:

- **Remote Login URL** - the URL to which the user is redirected when trying to log in to Mojo Helpdesk. This URL should be the SAML entry point of your Identity Provider.
- **Certificate fingerprint** - the SHA1 fingerprint of the SAML certificate from your SAML server.

On the Identity Provider side you have to specify the following fields:

- **Assertion Consumer Service (ACS) URL (Reply URL)** - https://`your-helpdesk-domain`/saml/consume
- **Entity ID** - `your-helpdesk-domain`
- **Name ID** (if applicable) - should be set to the user's email address.

User Attributes recognized by Mojo Helpdesk:

- **email**
- **first_name**
- **last_name**
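For the **Certificate fingerprint** field, the following is an added example (not Mojo Helpdesk's own code) that computes the SHA1 fingerprint of a PEM certificate and compares fingerprints written in different notations. The function names are hypothetical, and `SAMPLE_PEM` is a constructed stand-in rather than a real certificate; pass the path of your Identity Provider's certificate file as the first argument to fingerprint the real one.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed stand-in, NOT a real certificate: the body decodes to b"abc".
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM string."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())  # drop line breaks and spaces
    return base64.b64decode(body, validate=True)


def sha1_fingerprint(pem_text):
    """SHA-1 over the DER bytes (not the PEM text), as AA:BB:... hex."""
    digest = hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint):
    """Reduce common fingerprint notations to bare lowercase hex."""
    value = fingerprint.split("=")[-1]  # tolerate a "SHA1 Fingerprint=" prefix
    hex_only = re.sub(r"[\s:\-]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hex_only):
        raise ValueError("not a 40-hex-digit SHA-1 fingerprint")
    return hex_only


def fingerprints_match(a, b):
    """True when two fingerprints denote the same SHA-1 digest."""
    return normalize(a) == normalize(b)


if __name__ == "__main__":
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    print(sha1_fingerprint(pem))
```

Use `fingerprints_match` to confirm that the value pasted into the helpdesk settings equals the one computed from the certificate file, regardless of colons or letter case.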
Published on: 2016-11-10